The HSCN Secure Boundary is a perimeter security solution that protects against security threats. It is primarily designed to filter outbound traffic and protect against malware, phishing, and other online threats. Inbound Internet traffic is not filtered by the HSCN Secure Boundary, but can be provided directly from the CNSP's.
HSCN obligation SO10 states that HSCN Suppliers must provide access to HSCN Consumer's Business Application Services or other services, such as websites, from the internet, on request from the HSCN Consumer. However, obligation SO10 does not prescribe specific security countermeasures for inbound Internet traffic.
It is strongly recommended that organisations consider the security risks and suggested risk mitigations identified by the National Cyber Security Centre (NCSC) and NHS England's Data Security Centre. Inbound Internet service provision over HSCN should also comply with relevant NCSC guidance.
Overall, the HSCN Secure Boundary is a valuable tool for protecting HSCN networks from outbound threats, but it is not designed to filter inbound traffic. Organisations should implement additional security measures to protect inbound traffic, such as firewalls, intrusion detection systems, and web filtering solutions.